Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 868
matching records. Displaying matches 101 through 120.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Apple iOS/iPadOS 18 STIG (Ver 2, Rel 2) |
Apple iPadOS 18.0
Apple iPhone OS 18.0
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 18 - Ver 2, Rel 2
|
| MariaDB Enterprise 10.x STIG (Ver 2, Rel 4) |
MariaDB Enterprise Server 10.x
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - MariaDB Enterprise 10.x STIG - Ver 2, Rel 4
|
| EnterpriseDB Postgres Advanced Server (EPAS) STIG (Ver 2, Rel 1) |
EDB Postgres Advanced Server
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Sunset - EDB Postgres Advanced Server v9.6 STIG - Ver 2, Rel 3
Standalone XCCDF 1.1.4 - EnterpriseDB Postgres Advanced Server (EPAS) STIG - Ver 2, Rel 1
|
| Apache Tomcat Application Server 9 STIG (Ver 3, Rel 3) |
Apache Tomcat 9.0
|
Defense Information Systems Agency
|
01/21/2026 |
Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 3, Rel 3
|
| Apple vision OS 2 (Y25M09) |
Apple VisionOS 2.0
|
Defense Information Systems Agency
|
01/12/2026 |
Standalone XCCDF 1.1.4 - Apple vision OS 2
|
| CIS Oracle MySQL Enterprise Edition 8.4 Benchmark (1.1.0) |
Oracle MySQL Enterprise Edition 8.4
|
Center for Internet Security (CIS)
|
01/07/2026 |
Prose - CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.1.0
|
| CIS Oracle MySQL Community Server 8.4 Benchmark (1.1.0) |
Oracle MySQL Community Server 8.4
|
Center for Internet Security (CIS)
|
01/07/2026 |
Prose - CIS Oracle MySQL Community Server 8.4 Benchmark v1.1.0
|
| CIS Oracle SaaS Cloud Applications Benchmark (1.0.0) |
Oracle Cloud Infrastructure
|
Center for Internet Security (CIS)
|
01/06/2026 |
Prose - CIS Oracle SaaS Cloud Applications Benchmark v1.0.0
|
| CIS Microsoft Azure Foundations Benchmark (5.0.0) |
Microsoft Azure
|
Center for Internet Security (CIS)
|
01/06/2026 |
Prose - CIS Microsoft Azure Foundations Benchmark v5.0.0
|
| CIS DigitalOcean Services Benchmark (1.0.0) |
DigitalOcean Cloud Infrastructure
|
Center for Internet Security (CIS)
|
01/06/2026 |
Prose - CIS DigitalOcean Services Benchmark v1.0.0
|
| Samsung Android 13 with Knox 3.x STIG (Y25M01) |
Google Android 13
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Sunset - Samsung Android OS 13 with Knox 3.x STIG
|
| Akamai KSD Service IL2 STIG (Version 1) |
Akamai Kona Site Defender Service Impact Level 2
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 ALG STIG Version 1
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 NDM STIG Version 1
|
| HYCU Protg STIG (Ver 1, Rel 1) |
HYCU Protoge
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - HYCU Protg STIG - Ver 1, Rel 1
|
| Google Android 13 BYOAD STIG (Y25M10) |
Google Android 13
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Sunset - Google Android 13 BYOAD STIG
|
| Samsung Android 14 BYOAD STIG (Y25M10) |
Samsung Android 14.0
|
Defense Information Systems Agency
|
12/15/2025 |
Standalone XCCDF 1.1.4 - Samsung Android 14 BYOAD STIG
|
| Samsung Android 15 BYOAD STIG (Y25M10) |
Samsung Android 15.0
|
Defense Information Systems Agency
|
12/15/2025 |
Standalone XCCDF 1.1.4 - Samsung Android 15 BYOAD STIG
|
| Samsung Android 15 with Knox 3.x STIG (Y25M10) |
Google Android 15
|
Defense Information Systems Agency
|
12/12/2025 |
Standalone XCCDF 1.1.4 - Samsung Android OS 15 with Knox 3.x STIG
|
| Ivanti Connect Secure STIG (Y25M10) |
Ivanti Connect Secure
|
Defense Information Systems Agency
|
12/12/2025 |
Standalone XCCDF 1.1.4 - Ivanti Connect Secure STIG
|
| Google Android 15 STIG (Y25M10) |
Google Android 15
|
Defense Information Systems Agency
|
12/12/2025 |
Standalone XCCDF 1.1.4 - Google Android 15 STIG
|
| Google Android 14 STIG (Y25M10) |
Google Android 14
|
Defense Information Systems Agency
|
12/12/2025 |
Standalone XCCDF 1.1.4 - Google Android 14 STIG
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
